Mumsnet data breach - please read
JustineMumsnet · 07/02/2019 12:40
As some of you know, we're very sorry to say that we’ve become aware of a data breach which affected some Mumsnet user accounts.
There was a problem affecting Mumsnet user logins between 2pm of Tuesday 5 February and 9am on Thursday 7 February 2019. During this time, it appears that a user logging into their account at the same time as another user logged in, could have had their account info switched.
Why has this happened?
We believe that a software change, as part of moving our services to the cloud, that was put in place on Tuesday pm was the cause of this issue. We reversed that change this morning. Since then there have been no further incidents.
How did Mumsnet find out this was happening?
Late last night, a Mumsnet user alerted us to the fact that they were able to log in to and view the details of another user’s account.
What information could have been affected?
If someone other than you logs into your account, they can see:
your email address
your account details
your posting history
your personal messages
They would NOT have been able to see your password because that data is encrypted and they would not have been able to change your password because you need to input a password to do that.
How many people are affected?
At the moment, we don’t know for sure but we are investigating the logs and hope to know definitively very soon. We do know that approximately 4000 user accounts were logged into in the period in question but we don’t as yet know which of those were actually breached (ie also affected by a mismatched login), although we know for sure it wasn’t every account. We have been made aware by users of 14 incidents when this occurred and have contacted the individuals that we know were affected. We are working hard to establish if there were more.
What have you done about it so far?
We’ve reversed the software change that was made on Tuesday pm, and this morning we forced a log out, requiring users to log in again before they can post. This ensures that anyone who had inadvertently logged in as someone else will no longer be logged in to the wrong account.
Where can I get updates?
We’re posting about the situation on this thread, and will update as and when we have further relevant info.
What happens next?
When we have any further substantial information affecting the security of Mumsnet user accounts we will send another email and post on the site.
We’re very sorry.
You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. We know some of you will be very worried by the possibility that your account has been breached - please mail us on [email protected] if you’d like to discuss your individual account details. We will of course be reporting this incident to the Information Commissioner.
Thanks to all who brought this to our attention.
BitOutOfPractice · 13/02/2019 19:47
I have not had any email from MN on this subject
Greensleeves · 13/02/2019 19:51
I didn't get an email. I mentioned it on the other thread and was reassured by EstherMumsnet that I should have received one, but that really doesn't alter the fact that I haven't. Not that I'm overly fussed about the generic email, as I've read the FAQs etc, but it is a bit of an indictment of MN's systems that they can't actually manage to send a mass mail-out to all users
QwertyLou · 16/02/2019 06:09
MyVelocity I’m sorry you experienced that, I would have found that a bit weird and violating. Thanks for logging back on to share. Hope everyone ended up getting mass send-out email (I got it)
Xenia · 16/02/2019 08:10
Has anyone on this thread had the email? I haven't or if I did I deleted it without noticing I suppose. I don't mind that I haven't had it as I could read on here what happened, and I have just about no emails on here from people to be read even if I had been switched and my email for here is anonymous, but there seem to be quite a few people who haven't.
DointItForTheKids · 16/02/2019 09:18
The responses to the breach by MNHQ show an organisation that is not ready, is not learning, does not operate correct IT systems / testing / breach protection, has no proper established responses that would naturally be easier to communicate if they did, probably doesn't have reporting that is generated after such a breach that would allow them to actually know, for sure, what the situation is/who was affected/ what order fixes are being applied/what users should expect to see, and, has a rubbish batch emailing solution to boot.
All of that is leading to the rubbish quality, laissez-faire, slightly rabbit in the headlights reactive updates. The IT is as muddled as the comms - the two relate directly to each other. The comms are rubbish because the rubbish IT systems do not support knowledgeable, incisive and clear comms to the membership because the IT system is not fit for purpose nor adequately managed. It's just a shambles all round.
Also, what MNHQ expects to happen when they carry out the various fixes including the comms ones does not match with the user's reported experience and it's a complete surprise to MNHQ as various users advise the various issues they're experiencing which are at odds with MNHQ's expectations. MNHQ should not have to ask users "Please tell us if you have not received our email" !! - there is no finer example of just how completely inadequate MNHQ's systems are if they don't know this information, already, for a fact already from their own systems.
DointItForTheKids · 16/02/2019 09:19
We berate people on MN for drip-feeding, and then.... ......
Xenia · 16/02/2019 09:30
Although it is standard practice for IT people to ask for details of the problem experienced - a company yesterday (their IT dept) asked for screen shots from me because there was an unusual problem with sending me a pdf and they wanted to try to replicate it.
DointItForTheKids · 16/02/2019 09:40
Yes of course, it certainly is, but it exposes the inadequacy of their systems and the mismatch between the expectation of what will happen when they carry out one of the 'fix' activities (eg notifying users that they will receive an email and then the user doesn't receive an email). And those events appear to be a surprise to MNHQ.
grumiosmum · 16/02/2019 10:20
Yeah, I got the email a few days ago Xenia.
Smotheroffive · 16/02/2019 15:12
For info, I never did receive the first of the two generic emails, but did receive the 2nd in a timely manner. That's apart from the bespoke emails sent to the dis affected.
Yes, obviously the info contained within is already on here, but it's the function that's the issue, it's not working.
escoteric · 12/08/2020 18:31
Mumsnet because they had a lackadaisical approach my details were leaked and now blackmailed. Thank you Mumsnet!
escoteric · 12/08/2020 18:34
Not disappointing just downright outrageous. The mission I had to go over 50 websites changing login information. This is an outrage. How dare Mumsnet be so dismissive. Total numbskulls! Our data should be the number one priority. What a wanton carefree attitude you employ.
BoreOfWhabylon · 12/08/2020 18:39
Shocking @escoteric! I'd cancel my membership if I were you.
You do know this thread is 18 months old?
LilyMumsnet · 12/08/2020 18:43
Thanks for getting in touch.
This is the first we've heard about this and we're very keen to look into it for you. Please can you email all information over to [email protected]?
escoteric · 12/08/2020 20:07
Yes but the scammer waits till you think it's safe and then after a while tells you your password, a password used for mumsnet only. It may be old but these things surface after you think all is fine. Cancelled my membership, it's a done deal!
LilyMumsnet · 12/08/2020 20:31
If you don't get in touch and offer us details and information, we won't be able to help. This sounds like a phishing scam, though - we would recommend changing all passwords as soon as possible.
escoteric · 14/10/2020 18:49
I can't believe Google Password assistant and emails are extorting money from me as the data breach was done by my Mumsnet account. Mumsnet has had numerous breaches, it's not worth being on this forum.
BoreOfWhabylon · 15/10/2020 03:01
Which would be why you told us a month ago that you cancelled your membership escoteric.
And yet here you still are.